github.com/minio/console@v1.4.1/web-app/tests/permissions-3/bucketSpecific.ts (about) 1 // This file is part of MinIO Console Server 2 // Copyright (c) 2022 MinIO, Inc. 3 // 4 // This program is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Affero General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // This program is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Affero General Public License for more details. 13 // 14 // You should have received a copy of the GNU Affero General Public License 15 // along with this program. If not, see <http://www.gnu.org/licenses/>. 16 17 import * as roles from "../utils/roles"; 18 import * as elements from "../utils/elements"; 19 import * as functions from "../utils/functions"; 20 import { 21 namedManageButtonFor, 22 namedTestBucketBrowseButtonFor, 23 } from "../utils/functions"; 24 import { bucketsElement, logoutItem } from "../utils/elements-menu"; 25 import { Selector } from "testcafe"; 26 27 const TEST_BUCKET_NAME_SPECIFIC = "specific-bucket"; 28 29 fixture("For user with permissions that only allow specific Buckets").page( 30 "http://localhost:9090", 31 ); 32 33 test("Buckets sidebar item exists", async (t) => { 34 const bucketsExist = bucketsElement.with({ boundTestRun: t }).exists; 35 await t.useRole(roles.bucketSpecific).expect(bucketsExist).ok(); 36 }); 37 38 // Bucket assign policy tests 39 40 test 41 .before(async (t) => { 42 // Create a bucket 43 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-1`); 44 })("A readonly policy can be assigned to a bucket", async (t) => { 45 await t 46 // We need to log back in after we use the admin account to create bucket, 47 // using the specific role we use in this module 48 .useRole(roles.bucketSpecific) 49 .navigateTo("http://localhost:9090/buckets") 50 .click(namedManageButtonFor(`${TEST_BUCKET_NAME_SPECIFIC}-1`)) 51 .click(elements.bucketAccessRulesTab) 52 .click(elements.addAccessRuleButton) 53 .typeText(elements.bucketsPrefixInput, "readonlytest") 54 .click(elements.bucketsAccessInput) 55 .click(elements.bucketsAccessReadOnlyInput) 56 .click(elements.saveButton); 57 }) 58 .after(async (t) => { 59 // Cleanup created bucket 60 await functions.cleanUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-1`); 61 }); 62 63 test 64 .before(async (t) => { 65 // Create a bucket 66 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-2`); 67 })("A writeonly policy can be assigned to a bucket", async (t) => { 68 await t 69 // We need to log back in after we use the admin account to create bucket, 70 // using the specific role we use in this module 71 .useRole(roles.bucketSpecific) 72 .navigateTo("http://localhost:9090/buckets") 73 .click(namedManageButtonFor(`${TEST_BUCKET_NAME_SPECIFIC}-2`)) 74 .click(elements.bucketAccessRulesTab) 75 .click(elements.addAccessRuleButton) 76 .typeText(elements.bucketsPrefixInput, "writeonlytest") 77 .click(elements.bucketsAccessInput) 78 .click(elements.bucketsAccessWriteOnlyInput) 79 .click(elements.saveButton); 80 }) 81 .after(async (t) => { 82 // Cleanup created bucket 83 await functions.cleanUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-2`); 84 }); 85 86 test 87 .before(async (t) => { 88 // Create a bucket 89 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-3`); 90 })("A readwrite policy can be assigned to a bucket", async (t) => { 91 await t 92 // We need to log back in after we use the admin account to create bucket, 93 // using the specific role we use in this module 94 .useRole(roles.bucketSpecific) 95 .navigateTo("http://localhost:9090/buckets") 96 .click(namedManageButtonFor(`${TEST_BUCKET_NAME_SPECIFIC}-3`)) 97 .click(elements.bucketAccessRulesTab) 98 .click(elements.addAccessRuleButton) 99 .typeText(elements.bucketsPrefixInput, "readwritetest") 100 .click(elements.bucketsAccessInput) 101 .click(elements.bucketsAccessReadWriteInput) 102 .click(elements.saveButton); 103 }) 104 .after(async (t) => { 105 // Cleanup created bucket 106 await functions.cleanUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-3`); 107 }); 108 109 // Bucket read tests 110 111 test 112 .before(async (t) => { 113 // Create a bucket 114 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-4`); 115 })("Browse button exists", async (t) => { 116 await new Promise((resolve) => setTimeout(resolve, 2000)); 117 await t 118 .useRole(roles.bucketRead) 119 .navigateTo("http://localhost:9090/browser") 120 .expect( 121 namedTestBucketBrowseButtonFor(`${TEST_BUCKET_NAME_SPECIFIC}-4`).exists, 122 ) 123 .ok(); 124 }) 125 .after(async (t) => { 126 // Cleanup created bucket and corresponding uploads 127 await functions.cleanUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-4`); 128 }); 129 130 test 131 .before(async (t) => { 132 // Create a bucket 133 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-5`); 134 })("Bucket access is set to R", async (t) => { 135 await new Promise((resolve) => setTimeout(resolve, 2000)); 136 await t 137 .useRole(roles.bucketRead) 138 .navigateTo("http://localhost:9090/buckets") 139 .expect(Selector(`#access-${TEST_BUCKET_NAME_SPECIFIC}-5`).innerText) 140 .eql("Access: R"); 141 }) 142 .after(async (t) => { 143 // Cleanup created bucket and corresponding uploads 144 await functions.cleanUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-5`); 145 }); 146 147 test 148 .before(async (t) => { 149 // Create a bucket 150 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-6`); 151 await t 152 .useRole(roles.admin) 153 .navigateTo("http://localhost:9090/browser") 154 .click(namedTestBucketBrowseButtonFor(`${TEST_BUCKET_NAME_SPECIFIC}-6`)) 155 // Upload object to bucket 156 .setFilesToUpload(elements.uploadInput, "../uploads/test.txt") 157 .click(logoutItem); 158 })("Object list table is enabled", async (t) => { 159 await new Promise((resolve) => setTimeout(resolve, 2000)); 160 await t 161 .useRole(roles.bucketRead) 162 .navigateTo("http://localhost:9090/browser") 163 .click(namedTestBucketBrowseButtonFor(`${TEST_BUCKET_NAME_SPECIFIC}-6`)) 164 .expect(elements.table.exists) 165 .ok(); 166 }) 167 .after(async (t) => { 168 // Cleanup created bucket and corresponding uploads 169 await functions.cleanUpNamedBucketAndUploads( 170 t, 171 `${TEST_BUCKET_NAME_SPECIFIC}-6`, 172 ); 173 }); 174 175 // Bucket write tests 176 177 test 178 .before(async (t) => { 179 // Create a bucket 180 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-7`); 181 })("Browse button exists", async (t) => { 182 const testBucketBrowseButton = namedTestBucketBrowseButtonFor( 183 `${TEST_BUCKET_NAME_SPECIFIC}-7`, 184 ); 185 await t 186 .useRole(roles.bucketSpecific) 187 .navigateTo("http://localhost:9090/browser") 188 .expect(testBucketBrowseButton.exists) 189 .ok(); 190 }) 191 .after(async (t) => { 192 // Cleanup created bucket and corresponding uploads 193 await functions.cleanUpNamedBucketAndUploads( 194 t, 195 `${TEST_BUCKET_NAME_SPECIFIC}-7`, 196 ); 197 }); 198 199 test 200 .before(async (t) => { 201 // Create a bucket 202 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-8`); 203 })("Bucket access is set to R/W", async (t) => { 204 await new Promise((resolve) => setTimeout(resolve, 2000)); 205 await t 206 .useRole(roles.bucketSpecific) 207 .navigateTo("http://localhost:9090/buckets") 208 .expect(Selector(`#access-${TEST_BUCKET_NAME_SPECIFIC}-8`).innerText) 209 .eql("Access: R/W"); 210 }) 211 .after(async (t) => { 212 // Cleanup created bucket and corresponding uploads 213 await functions.cleanUpNamedBucketAndUploads( 214 t, 215 `${TEST_BUCKET_NAME_SPECIFIC}-8`, 216 ); 217 }); 218 219 test 220 .before(async (t) => { 221 // Create a bucket 222 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-9`); 223 })("Upload button exists", async (t) => { 224 const uploadExists = elements.uploadButton.exists; 225 const testBucketBrowseButton = namedTestBucketBrowseButtonFor( 226 `${TEST_BUCKET_NAME_SPECIFIC}-9`, 227 ); 228 await t 229 .useRole(roles.bucketSpecific) 230 .navigateTo("http://localhost:9090/browser") 231 .click(testBucketBrowseButton) 232 .expect(uploadExists) 233 .ok(); 234 }) 235 .after(async (t) => { 236 // Cleanup created bucket and corresponding uploads 237 await functions.cleanUpNamedBucketAndUploads( 238 t, 239 `${TEST_BUCKET_NAME_SPECIFIC}-9`, 240 ); 241 }); 242 243 test 244 .before(async (t) => { 245 // Create a bucket 246 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-10`); 247 })("Object can be uploaded to a bucket", async (t) => { 248 const testBucketBrowseButton = namedTestBucketBrowseButtonFor( 249 `${TEST_BUCKET_NAME_SPECIFIC}-10`, 250 ); 251 await t 252 .useRole(roles.bucketSpecific) 253 .navigateTo("http://localhost:9090/browser") 254 .click(testBucketBrowseButton) 255 // Upload object to bucket 256 .setFilesToUpload(elements.uploadInput, "../uploads/test.txt"); 257 }) 258 .after(async (t) => { 259 // Cleanup created bucket and corresponding uploads 260 await functions.cleanUpNamedBucketAndUploads( 261 t, 262 `${TEST_BUCKET_NAME_SPECIFIC}-10`, 263 ); 264 }); 265 266 test 267 .before(async (t) => { 268 // Create a bucket 269 await functions.setUpNamedBucket(t, `${TEST_BUCKET_NAME_SPECIFIC}-11`); 270 })("Object list table is disabled", async (t) => { 271 await t 272 .useRole(roles.bucketSpecific) 273 .navigateTo("http://localhost:9090/browser") 274 .click(namedTestBucketBrowseButtonFor(`${TEST_BUCKET_NAME_SPECIFIC}-11`)) 275 .expect(elements.bucketsTableDisabled.exists) 276 .ok(); 277 }) 278 .after(async (t) => { 279 // Cleanup created bucket and corresponding uploads 280 await functions.cleanUpNamedBucketAndUploads( 281 t, 282 `${TEST_BUCKET_NAME_SPECIFIC}-11`, 283 ); 284 });